I have to look at my notes to see where I am on these. I think the code fixes were actually minor on the back end, but I was getting a bit bogged down in the cross-site issues (which require a "high level of user interaction", meaning you have to be tricked into being logged in and subsequently accessing your login from another site - you almost have to be phished or have DNS poisoning/spoofing.)
Let me see what, if anything, I have in my notes and where I'm at with the demo code.
Lead developer FreeRealty
Other claims to fame: http://www.rwcinc.net
Enrolled Agent, Licensed to Represent Taxpayers before Exams, Appeals and Conference divisions of the Internal Revenue Service.